1. Introduction

PayPal Express Checkout is a means of integrating PayPal, that allows you to break down the financial transactions into different steps:

authorisation

data capture

refund ...

In addition to this, PayPal Express Checkout also allows the identification step to be separated from the financial transaction (payment step). This feature enables you to perform the identification step much earlier on in the order process and use the identification result to retrieve the customer's address as registered in the customer’s PayPal account.

2. Configuration

2.1 PayPal Account Configuration

You must set up your PayPal (Business) account to allow our system’s API user to access your account.

To grant API access to our system’s API user, you need to log on to your PayPal account:

This step is obligatory. If your PayPal account is not properly configured, you will not be able to configure PayPal on your Ingenico ePayments account.

The actual structure and behavior of the PayPal back office may differ from this description.

2.2 Ingenico ePayments Account Configuration

You have to configure PayPal via the “Payment methods” link in your Ingenico ePayments Account. The activation of the payment method will be handled by our Customer Care team.

Enabling or disabling the “Direct sale” button in Express Checkout allows users to choose between working in two stages (authorisation and data capture) or in just one (direct sale: automatic data capture by our system when a valid authorisation is available).

When API permission has not been granted and you want to configure Express Checkout in your account, the following error message will be displayed: "Error test merchant config for Paypal ExpressCheckout, probably API access to Paypal merchant account was not authorised by the Merchant"

3. Integration: identification and transaction in one step

The following workflow represents a transaction with PayPal Express Checkout for you (as a merchant) when you don't split the identification and the transaction (payment) steps:

You must send at least the following hidden fields (general e-Commerce parameters) in the redirection to orderstandard.asp / orderstandard_utf8.asp:

Field

Explanation

PSPID

Merchant affiliation name in our system

ORDERID

Merchant order number (merchant reference)

AMOUNT

Amount to be paid (MULTIPLIED BY 100)

CURRENCY

Order currency in ISO alpha code.

LANGUAGE

Customer language

OWNERADDRESS

Address

OWNERTOWN

Town or city

OWNERZIP

Postcode / ZIP

OWNERCTY

ISO country code (BE, FR, US, etc.)

DEVICE

If the cardholder is using a mobile device (such as an iPhone), you may send the "mobile" value. Our system does NOT identify the device.

Optional:

Field

Explanation

COMPLUS

Use this field to submit product/item details. The data will be displayed on the PayPal page.

More information about these fields can be found in your Ingenico ePayments account. Just log in and go to: "Support > Integration & user manuals > Technical guides > Parameter Cookbook".

On submission of the hidden fields, the customer is displayed our secure payment page with an overview of the possible payment methods that are activated in your account. He can then select PayPal.

If you want the customer to select the payment method PayPal on your website instead of on our payment page, you must send us the value "PayPal" with the additional PM hidden field. On submission of the hidden fields, we will forward the customer directly to the PayPal website. The customer will be redirected to the PayPal login screen, where he will be able to identify himself and verify the payment.

Important note on the PayPal cancellation button

The cancel button on the PayPal Express Checkout page does not cancel the transaction on the Ingenico ePayments payment page; by default it takes the customer back to the payment method selection on our payment page, OR it redirects the customer to your own payment method selection page by using the "BACKURL" or back button configuration.

You can configure the BACKURL in your Ingenico ePayments account, via Configuration > Technical information > Payment page > "Back button redirection", and/or you send it along with the other hidden fields to the payment page. In this last case, the URL in the "Back button redirection" (if entered) will be overwritten.

4. Integration: Split identification and payment

The following workflow represents a transaction with PayPal Express Checkout where the identification and payment steps have split:

4.1 Step 1: Identification request

This first step occurs on your website between the shopping basket confirmation and the collection of the delivery details. You need to display a PayPal pay button which redirects the customer to the e-Commerce interface.

You must send the following additional hidden fields behind the pay button in the redirection to /orderstandard_UTF8.asp:

Field

Explanation

PSPID

Merchant affiliation name in our system

ORDERID

Merchant order number (merchant reference)

AMOUNT

Amount to be paid (MULTIPLIED BY 100)

CURRENCY

Order currency in ISO alpha code

LANGUAGE

Customer language

SHASIGN

SHA-IN signature for security

ACCEPTURL

URL to which the customer's details will be posted if the identification is successful

DECLINEURL

URL to which the customer's details will be posted if the identification fails

PM

Fixed value “PAYPAL”

TXTOKEN

Fixed value “INIT”

DEVICE

If the cardholder is using a mobile device (such as an iPhone), you may send the "mobile" value. Our system does NOT identify the device.

Optional:

Field

Explanation

COMPLUS

Use this field to submit product/item details. The data will be displayed on the PayPal page.

More information about these fields can be found in your Ingenico ePayments account. Just log in and go to: "Support > Integration & user manuals > Technical guides > Parameter Cookbook".

On submission of the hidden fields, we will redirect the customer to the PayPal website. The customer will be redirected to the PayPal login screen, where he will be able to identify himself, review his delivery details and continue.

This step can be simulated on the following test page: https://ogone.test.v-psp.com/ncol/test/teststd_paypal_express.htm (only after completion of the PayPal account configuration, otherwise you will receive the error “You do not have permission to make this API call”). You can enter “displayparams.asp” as ACCEPTURL and DECLINEURL in order to have the customer details and parameter feedback displayed in the browser window.

4.2 Step 2: Client details reception

When the identification is successful, the customer's details, including the addresses stored in his PayPal account, will be posted to the ACCEPTURL you've specified in the hidden fields of the identification request (previous step).

4.2.1 Data

The following table lists the available customer data:

Not all fields are always available. The details come directly from the PayPal account. We cannot guarantee the accuracy of this data.

Name

Length

Format

Possible Values

PAYEREMAIL

127

email

PAYERID

17

alphanumeric

PAYERSTATUS

10

alpha

Verified / Unverified

PAYERSALUTATION

20

alpha

PAYERFIRSTNAME

25

alpha

PAYERMIDDLENAME

25

alpha

PAYERLASTNAME

25

alpha

PAYERSUFFIX

12

alpha

PAYERCOUNTRY

2

alpha

PAYERBUSINESS

127

alpha

PAYERADRSTATUS

11

alpha

None / Confirmed / Unconfirmed

PAYERADRNAME

32

alpha

PAYERADRSTREET1

100

alphanumeric

PAYERADRSTREET2

100

alphanumeric

PAYERADRCITYNAME

40

alphanumeric

PAYERADRSTATEORPROVINCE

40

alphanumeric

PAYERADRPOSTALCODE

20

alphanumeric

PAYERADRCOUNTRY

2

alphanumeric

CUSTOM

256

alphanumeric

INVOICEID

127

alphanumeric

CONTACTPHONE

12

Mask

+XXXXXXXXXXX / XXX-XXX-XXXX (US)

In addition to the data received from PayPal, you will receive the following information from our system:

TXTOKEN: 25 alphanumeric (the merchant needs to store this information for the payment step)

PAYID: 15 numeric (the merchant needs to store this information for the payment step)

PSPID

ORDERID

CURRENCY

AMOUNT

AUTHENTSTATUS=0 (only sent if the buyer was able to identify himself).

4.2.2 Security and configuration

To receive the transaction parameters on the specified ACCEPTURL, you need to activate the “I would like to receive transaction feedback parameters on the redirection URLs” option in the "Transaction feedback" tab, in the "HTTP redirection in the browser" section of the Technical Information page.

The redirection process is visible, as it is sent via the customer’s browser. Consequently, you must use an SHA-OUT signature to verify the contents of the request (see SHA-OUT). If you don't configure an SHA-OUT signature, we shall not send any feedback parameters to your ACCEPTURL.

All parameters can be transmitted to the ACCEPTURL using the POST or GET method, depending on the configuration in your Ingenico ePayments Account's Technical information page > "Transaction feedback" tab, in the "Direct HTTP server-to-server request" section (Request method).

4.2.3 SHA-OUT

To ensure the integrity of the feedback parameters, we strongly recommend you to perform a SHA-OUT calculation.

The values of the fields listed below need to be concatenated in the given order, with the SHA-OUT pass phrase only at the end of the string.

Note: This SHA-OUT calculation should not to be confused with the SHA-OUT calculation on the transaction feedback (see e-Commerce).

4.3 Step 3: Authorisation/payment request

4.3.1 e-Commerce

You must send at least the following additional hidden fields in the redirection to orderstandard.asp / orderstandard_UTF8.asp:

Parameter

Explanation

PSPID

Merchant affiliation name in our system

ORDERID

Merchant order number (merchant reference)

AMOUNT

Amount to be paid (MULTIPLIED BY 100)

CURRENCY

Currency of the order in ISO alpha code

LANGUAGE

Language of the customer

SHASIGN

SHA-IN signature for security

PM

“PAYPAL” fixed value

TXTOKEN

As received from our system (see step 2)

PAYID

As received from our system (see step 2)

Optional:

Field

Explanation

COMPLUS

Use this field to submit product/item details. The data will be displayed on the PayPal page.

More information about these fields can be found online. Just log in to your Ingenico ePayments account and go to: "Support > Integration & user manuals > Technical guides > Parameter Cookbook".

If you send us the authorisation/payment request via e-Commerce, on submission of the hidden fields the customer will be sent straight to the transaction confirmation screen (unless an error occurs).

If you want to redirect the customer at the end of the transaction process, you can send an ACCEPTURL or DECLINEURL in the hidden fields that differs from those sent in step 1.

This step can be simulated on the following test page: https://ogone.test.v-psp.com/ncol/test/teststd.asp

Important note on the PayPal cancellation button

The cancel button on the PayPal Express Checkout page does not cancel the transaction on the Ingenico ePayments payment page; by default it takes the customer back to the payment method selection on our payment page, OR it redirects the customer to your own payment method selection page by using the "BACKURL" or back button configuration.

You can configure the BACKURL in your Ingenico ePayments account, via Configuration > Technical information > Payment page > "Back button redirection", and/or you send it along with the other hidden fields to the payment page. In this last case, the URL in the "Back button redirection" (if entered) will be overwritten.

4.3.2 DirectLink

You must send at least the following parameters in the request on orderdirect.asp: (No credit card related information needs to be sent)

Parameter

Explanation

PSPID

The merchant’s affiliation name in our system

USERID

Name of the merchant’s application (API) user

PSWD

Password of the API user (USERID)

ORDERID

The merchant’s order number (merchant reference)

AMOUNT

Amount to be paid MULTIPLIED BY 100

CURRENCY

Currency of the order in ISO alpha code

PM

Fixed value “PAYPAL”

TXTOKEN

As received from our system (see step 2)

PAYID

As received from our system (see step 2)

Optional:

Field

Explanation

COMPLUS

Use this field to submit product/item details. The data will be displayed on the PayPal page.

If you've entered a value in the SHA-IN Signature field in the "Checks for DirectLink" section (in the Technical information page in your account, the "Data and origin verification" tab), you also need to send the SHASIGN parameter with your request.

If you send us the authorisation/payment request via DirectLink, our system returns you the response in XML format.

5. Maintenance operations

Maintenance operations (data capture, refund, etc.) can be performed in your Ingenico ePayments Account or via DirectLink, i.e. in a similar way as for standard credit card transactions.

A PayPal authorisation is only valid for 3 days.

6. Alias Manager: Recurring transactions

You can perform recurring transactions with PayPal Express Checkout without having to re-enter the customer's identification details.

In order to work with recurring PayPal transactions, you need to activate the Alias Manager option in your Ingenico ePayments account. Alias Manager allows you to process recurring transactions.

6.1 PayPal Account Configuration

Next to the basic PayPal account configuration, the following boxes will also need to be ticked for the API permissions:

When the customer is sent to the PayPal login screen, he will identify himself and verify the payment (the current and future amounts) by clicking the “Agree and Pay” button.

When the customer clicks the “Agree and Pay” button, he enters into an invoicing agreement with PayPal, which authorises the merchant to charge the customer's PayPal account directly. We will create the Alias in our Alias database based on the PayPal invoicing agreement.

6.3 Integration: splitting identification and payment

6.3.1 Step 1: Identification request

To create an alias, in addition to the default hidden fields the merchant must send specific alias fields:

When the customer is sent to the PayPal login screen, he will identify himself and verify the payment (the current and future amounts) by clicking the “Agree and Pay” button.

When the customer clicks the “Agree and Pay” button, he enters into an invoicing agreement with PayPal, which authorises the merchant to charge the customer's PayPal account directly. We will create the Alias in our Alias database based on the PayPal invoicing agreement.

A text explaining the reason for the Alias registration (the same as in step 1)

At this stage we will create the Alias in our Alias database, based on the invoicing agreement from PayPal.

6.4 Alias usage

The merchant can perform a recurring PayPal transaction via the e-Commerce or DirectLink mode.

6.4.1 e-Commerce

The merchant needs to send an existing ALIAS value in the “ALIAS” hidden field. We will then check whether the ALIAS already exists for the merchant’s PSPID. If the ALIAS exists, we will trigger a recurring payment. The customer will be sent straight to the payment confirmation screen (unless an error occurs).

6.4.2 DirectLink

The merchant has to send the “ALIAS” parameter in his request. We will then check whether the ALIAS exists for the merchant’s PSPID and look up the financial profile (based on the ALIAS) in the database.

ImportantWhen using an Alias with Paypal, the Merchant also has to specify the brand in his request (PM=PAYPAL)

6.4.3 Batch

The merchant needs to send an existing Alias with the “ALIAS” field (field 17) in his file. We will then check whether the ALIAS exists for the merchant’s PSPID and look up the financial profile (based on the ALIAS) in the database.

6.5 Alias management

The value in the “card number” field in the alias management page represents the PayPal invoicing agreement for that specific alias.

It is not possible to update an alias (manually or during a transaction). The merchant needs to delete the original alias and create a new one in the event that some of the details change.

Every Alias remains valid until it is deleted.

7. Instant Payment Review (IPR)

With this functionality, each transaction will have a "pending" status until manually verified by PayPal; this verification usually takes between 24 and 36 hours after the online transaction. Once verified, Paypal will send you an IPN (Instant Payment Notification) containing all relevant payment information.

7.1 Parameters

In order for IPR to function, you must send the customer's address information via the fields below:

Field

Description

Mandatory

ECOM_SHIPTO_ONLINE_EMAIL

E-mail address

N

ECOM_SHIPTO_POSTAL_CITY

Town or city

Y

ECOM_SHIPTO_POSTAL_COUNTRYCODE

ISO country code (BE, FR, US, etc.)

Y

ECOM_SHIPTO_POSTAL_NAME_FIRST

First name

Y

ECOM_SHIPTO_POSTAL_NAME_LAST

Last name

Y

ECOM_SHIPTO_POSTAL_POSTALCODE

Postcode / zip

Y

ECOM_SHIPTO_POSTAL_STATE

State (ISO code - 2 chars)

Y

ECOM_SHIPTO_POSTAL_STREET_LINE1

Address

Y

ECOM_SHIPTO_POSTAL_STREET_LINE2

Additional address details

N

ECOM_SHIPTO_POSTAL_STREET_NUMBER

House number

N

ECOM_SHIPTO_TELECOM_FAX_NUMBER

Fax number

N

ECOM_SHIPTO_TELECOM_PHONE_NUMBER

Telephone number

N

More information about these fields can be found in your Ingenico ePayments account. Just log in and go to: "Support > Integration & user manuals > Technical guides > Parameter Cookbook".

7.2 Workflow

During the payment process: After the customer has identified himself, all information is sent to PayPal. The customer will see that the transaction is being processed Offline.

In the first 24 hours following the payment: Nothing will happen. PayPal will not provide a response for at least 24 hours.

Between 24 and 48 hours after the payment: PayPal will send the review results to our system. If you have configured your account to receive offline status change notifications, you will receive one at that moment. This is to be configured in your Technical Information, in the "Transaction Feedback" tab. For more information about notifications, go to "Use your Ingenico ePayments account".

Between 48 and 96 hours after the payment: If we have not received any information from PayPal after 48 hours, our system will fetch the payment result from PayPal. If no result is received, we will re-try every 4 hours.

96+ hours after the payment: If the transaction is still unresolved after 96 hours, you should contact our Customer Care team, which will contact PayPal and solve the issue manually.

7.3 Statuses

If working with the Sale operation code:

When submitting a new transaction, the status will be "91 - Payment processing"

If the Review result is positive (no fraud) the transaction status will be "9 - Payment requested"

If the Review Result is negative, the transaction status will be "93 - Payment refused"

If working with the Authorisation operation code:

When submitting a new transaction, the status will be "51 - authorisation processing"

If the Review result is positive (no fraud), the transaction status will be "5 - Authorised"

If the Review Result is negative, the transaction status will be "2 - Authorisation refused"

PayPal recommends you NOT to deliver any goods until payment has been settled!

7.4 Ingenico ePayments account

When viewing the transaction detail in your Ingenico ePayments Account, the following message will appear:

Note that this message will remain visible, even when the status has been updated following the PayPal response, (in this example, you see the transaction is already in status 9).

8. PayPal Seller Protection

With PayPal Seller Protection, you might be covered in the event of an unauthorised payment, an item not received dispute, chargeback, or reversal, as long as the transaction in question meets PayPal's eligibility requirements.

You should contact PayPal for any further questions about Seller Protection and eligibility requirements.

In order for a transaction to comply with Seller Protection after approval from PayPal, you must send the following fields with every transaction:

Parameter

Description

ECOM_SHIPTO_POSTAL_NAME_FIRST

Delivery first name

ECOM_SHIPTO_POSTAL_NAME_LAST

Delivery last name

ECOM_SHIPTO_POSTAL_STATE

Delivery state (ISO code - 2 chars)

ECOM_SHIPTO_POSTAL_STREET_LINE1

Delivery address first line

ECOM_SHIPTO_POSTAL_STREET_LINE2

Delivery address second line

ECOM_SHIPTO_POSTAL_COUNTRYCODE

Delivery ISO country code (BE, FR, US, etc.)

The following parameters are not mandatory but are recommended to comply in the best way with seller protection:

Parameter

Description

ECOM_SHIPTO_POSTAL_CITY

Delivery city

ECOM_SHIPTO_POSTAL_POSTALCODE

Delivery postcode

More information about these fields can be found in your Ingenico ePayments account. Just log in and go to: "Support > Integration & user manuals > Technical guides > Parameter Cookbook".

Note: According to PayPal specifications, Ingenico ePayments must send the buyer's full name in the field ADRSHIPNAME to PayPal. The corresponding value for this field is the value of either "ECOM_SHIPTO_POSTAL_NAME_LAST" or "ECOM_SHIPTO_POSTAL_NAME_FIRST", in this order of priority. When you send both "ECOM_SHIPTO_POSTAL_NAME_LAST" and "ECOM_SHIPTO_POSTAL_NAME_FIRST" parameter values, only the information of "ECOM_SHIPTO_POSTAL_NAME_LAST" will be taken into account for the ADRSHIPNAME field sent to PayPal.

Ingenico ePayments is the online and mobile commerce division of Ingenico Group. We connect merchants and consumers, enabling businesses everywhere to go further beyond today’s boundaries and creating the future of global commerce. As industry leaders since 1994, our innovative spirit drives us forward across all channels. We are the trusted partner of over 65,000 small and large merchants who rely on us to make payments easy and secure for their customers. With advanced data analytics, fraud management solutions and cross-border commerce expertise, we help merchants optimize their business and grow into new markets around the world.

Learn more

This website uses cookies to be able to give you the best user experience. If you don't want to accept these cookies, we allow you to change the cookie settings. Click 'Accept' to allow all cookies from this website.